Cyber data breaches in local government across the UK have rocketed by a staggering 388% in the past three years – as criminal gangs and rogue states look to plunder vital information. New figures show that UK Metropolitan Councils have racked up more than 12,700 data breaches in the time period and have paid out a combined total of more than £260,000 in compensation for legal claims lodged against them. A nation-wide investigation by Data Breach Claims UK has revealed a stark increase both in terms of human error and cyber-attacks across UK councils.
New data obtained via Freedom of Information Requests to the 36 Metropolitan Councils revealed an overall year on year rise in City Local Authority security breaches over the last three years. Of the 24 Met Councils that responded to the request within the deadline, there were a combined total of 12,745 data breach incidents.
Sheffield City Council reported the highest number of security incidents, totalling 1,512 in three years, followed by Manchester City Council and Wakefield Council which had 1,493 and 1,268 respectively.
Sheffield also reported the highest number of cyber attacks during that time, disclosing it had a whopping 26 cyber security breaches since 2022/23.
Wakefield City Council in neighbouring West Yorkshire had to pay out the highest sum in compensation for data breach claims, totalling £52,500.
It is followed by North Tyneside which forked out £49,128 and Tameside Borough Council which paid £32,500.
UK Local Councils are expected to collect, store, use, share and dispose of personal information or data about individuals in line with the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA).
If a data breach occurs, the local authority must report it to the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of it if the breach is likely to ‘result in a risk to the rights and freedoms of individuals.’
According to ICO data, cyber attacks on local authority systems have increased by a staggering 387% between 2022 and 2024, while non-cyber data breaches rose by 25 per cent in the same period.
Data Breach Claims UK expert, Reece Vassallo says: “The rise in UK local government data breaches is worrying and we hope that organisations are ensuring that they have sufficient security in place to protect people’s personal information.”
